US10116528B2 - Direct network traffic monitoring within VM platforms in virtual processing environments - Google Patents

Direct network traffic monitoring within VM platforms in virtual processing environments Download PDF

Info

Publication number
US10116528B2
US10116528B2 US14/873,896 US201514873896A US10116528B2 US 10116528 B2 US10116528 B2 US 10116528B2 US 201514873896 A US201514873896 A US 201514873896A US 10116528 B2 US10116528 B2 US 10116528B2
Authority
US
United States
Prior art keywords
tool
client
platform
packet
platforms
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US14/873,896
Other languages
English (en)
Other versions
US20170099195A1 (en
Inventor
Kristopher Raney
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Keysight Technologies Singapore Sales Pte Ltd
Original Assignee
Keysight Technologies Singapore Holdings Pte Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Keysight Technologies Singapore Holdings Pte Ltd filed Critical Keysight Technologies Singapore Holdings Pte Ltd
Assigned to IXIA reassignment IXIA ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: RANEY, KRISTOPHER
Priority to US14/873,896 priority Critical patent/US10116528B2/en
Priority to PCT/US2016/052589 priority patent/WO2017058564A1/en
Priority to EP16852312.4A priority patent/EP3356935B1/de
Priority to US15/342,170 priority patent/US10652112B2/en
Publication of US20170099195A1 publication Critical patent/US20170099195A1/en
Assigned to KEYSIGHT TECHNOLOGIES SINGAPORE (HOLDINGS) PTE. LTD. reassignment KEYSIGHT TECHNOLOGIES SINGAPORE (HOLDINGS) PTE. LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: IXIA
Assigned to KEYSIGHT TECHNOLOGIES SINGAPORE (SALES) PTE. LTD. reassignment KEYSIGHT TECHNOLOGIES SINGAPORE (SALES) PTE. LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: KEYSIGHT TECHNOLOGIES SINGAPORE (HOLDINGS) PTE. LTD.
Publication of US10116528B2 publication Critical patent/US10116528B2/en
Application granted granted Critical
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/028Capturing of monitoring data by filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4633Interconnection of networks using encapsulation techniques, e.g. tunneling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/04Network management architectures or arrangements
    • H04L41/046Network management architectures or arrangements comprising network management agents or mobile agents therefor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/40Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using virtualisation of network functions or resources, e.g. SDN or NFV entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/12Network monitoring probes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/20Arrangements for monitoring or testing data switching networks the monitoring system or the monitored elements being virtualised, abstracted or software-defined entities, e.g. SDN or NFV

Definitions

  • the method further includes operating a first hypervisor within the first VM host server to provide a first virtualization layer for the client VM platform and a corresponding first guest operating system, and operating a second hypervisor within the second VM host server to provide a second virtualization layer for the tool VM platform and a corresponding second guest operating system.
  • the method further includes operating a first container engine within the first VM host server to provide a first virtualization layer for the client VM platform without a corresponding guest operating system, and operating a second container engine within the second VM host server to provide a second virtualization layer for the tool VM platform without a corresponding guest operating system.
  • the second VM server is configured to host a tool packet monitor application, and the tool packet monitor application is configured to receive the encapsulated network packet copies.
  • the tool packet monitor application is further configured to de-encapsulate the encapsulated network packet copies to form client traffic and to forward the client traffic to one or more tool applications operating within the tool VM platform.
  • encapsulation headers for the network packet copies include GRE (general routing encapsulation) headers.
  • the GRE headers include GRE identifiers that identify destination tool applications within the tool VM platform to receive the network packet.
  • the system further includes a third VM server configured to host a traffic management VM platform, and the GRE identifiers include GRE identifiers received from the traffic management VM platform.
  • a single common VM server serves as the first VM server, the second VM server, and the third VM server.
  • FIG. 2 is a block diagram of an example embodiment for a client VM platform that includes a client packet monitor application.
  • FIG. 6A is a block diagram of an example embodiment for a VM host server that uses a hypervisor to provide a virtualization layer.
  • FIG. 6B is a block diagram of an example embodiment for a VM host server that uses a container engine to provide a virtualization layer.
  • FIG. 10 is a process flow diagram of an example embodiment where tool VM platforms are adjusted based upon current capacity needs.
  • configuration of the client/tool packet monitor applications is preferably managed centrally by a traffic management VM platform, and newly created instances of the packet monitor applications can immediately download configuration information from the traffic management VM platform at startup without any need for user intervention.
  • the packet monitor applications are installed as virtual applications that run on hypervisors using corresponding guest operating systems.
  • the client packet monitor applications are installed as container applications that run on container engines without need for guest operating systems.
  • Other variations can also be implemented while still taking advantage of the direct VM packet traffic monitoring techniques described herein.
  • FIGS. 1-4 provide example embodiments for virtual processing environments where a traffic management VM platform manages client/tool packet monitor applications operating internally to client VM platforms and tool VM platforms to provide for packet traffic monitoring.
  • FIG. 5 provides an example embodiment for a VM host server.
  • FIGS. 6A-B provide example embodiments for a hypervisor solution and container engine solution for different virtual processing environments.
  • FIGS. 7A-B and 8 provide example embodiments for auto-configuration of client packet monitor applications within new client VM platforms using a traffic management VM platform.
  • FIGS. 9-10 provide example embodiments for auto-configuration of tool packet monitor applications within new tool VM platforms using a traffic management VM platform. It is further noted that other variations and features can also be implemented while still taking advantage of the direct VM packet traffic monitoring techniques described herein.
  • FIG. 1 is a block diagram of an example embodiment 100 for a traffic monitoring environment including a traffic management VM platform 150 on host server 142 configured to manage packet monitor applications 110 / 130 operating within VM platforms on VM host servers 102 and 122 .
  • a traffic management VM platform 150 operates within a third VM host server 142 .
  • the client VM platforms 104 , 106 , 108 . . . operate within a virtualization layer 112 that operates on top of an operating system (OS) 114 which in turn operates on computer hardware 116 .
  • the computer hardware 116 is coupled to communicate with the network communication paths 160 , for example, through one or more network interface cards and/or other network connections.
  • the client VM platforms 104 , 106 , 108 . . . can be configured, for example, to operate in part to provide one or more network applications that communicate packets through the external network communication paths 160 and/or with each other.
  • the client packet monitor application 110 operates to monitor packet traffic within the client VM platform 104 and to forward copies of this packet traffic to one or more of the tool VM platforms 124 , 126 , 128 . . . within one or more VM host servers as represented by dashed arrow 162 .
  • this VM platform traffic 208 includes client traffic 204 , tool traffic 226 directed to one or more tool packet monitor applications 130 , management traffic 228 communicated with the traffic management VM platform 150 , and any other traffic for the client VM platform 104 .
  • the encapsulation engine 222 can add GRE (generic routing encapsulation) identifiers within a GRE header to each packet within the traffic of interest to identify one or more tool applications to receive that packet, and available tool applications can be assigned unique GRE identifiers.
  • GRE generator routing encapsulation
  • the configuration information received through the management traffic 228 can also be stored as configuration data 218 by the controller 216 , and the controller 216 can control the network TAP 212 , the filters 214 , and the tool packet interface 220 to operate according to management instructions received through the management traffic 228 within the VM platform traffic 208 .
  • the client packet interface 320 receives the encapsulated tool traffic 226 communicated by the client packet monitor application 110 within one or more client VM platforms.
  • the client packet interface 320 uses the de-encapsulation engine 322 to remove encapsulation headers from the traffic of interest within the encapsulated tool traffic 226 .
  • the de-encapsulation engine 322 can remove GRE headers and use GRE identifiers within those header to identify one or more tool applications 302 to receive that packet.
  • available tool applications 302 can be assigned unique GRE identifiers.
  • the de-encapsulated traffic can also be processed by one or more filters 314 to further select traffic of interest and/or desired tool destinations for the traffic of interest.
  • the filtered traffic of interest is then provided to the tool interface 312 , and this resulting client traffic 326 is communicated to the one or more tool applications 302 .
  • Result information from the tool applications 302 can then be communicated through the network interface 306 as part of the VM platform traffic 308 .
  • the tool packet monitor application 130 can also have a separate network interface, if desired, such that the tool traffic 226 and the management traffic 328 are communicated through this separate network interface rather than through the network interface 306 .
  • management traffic 328 can be received from the traffic management VM platform 150 to provide the GRE identifiers for available tool applications 302 and to provide filter configurations for the filters 314 .
  • the tool packet monitor application 130 can also communicate information and/or requests back to the traffic management VM platform 150 , as desired.
  • the configuration information received from the traffic management VM platform 150 can also be stored as configuration data 318 by the controller 316 , and the controller 316 can control the client packet interface 320 , the filters 314 , and the tool interface 312 to operate according to management instructions received through the management traffic 328 within the VM platform traffic 308 .
  • the tool packet monitor application 130 can instead terminate the tunnel directly.
  • the encapsulation tunnels providing packets from one or more client packet monitor applications 110 can be terminated more efficiently, and associated packet traffic can be aggregated down to a single stream of relevant traffic using the filters 314 .
  • the tool packet monitor application 130 can remove processing and filtering requirements that would otherwise have to be implemented by the tool applications 302 with respect to termination and aggregation of the tool traffic 226 to form the resulting client traffic 326 .
  • the filters 214 / 314 can rely upon various portions of the content of network packets to identify packets and to determine which tool application is to receive the packets.
  • filters 214 / 314 can be configured to rely upon data and/or information associated with any network layer header values or packet field contents to perform such actions.
  • packet-based communications are often described in terms of seven communication layers under the ISO/OSI (International Standards Organization/Open Systems Interconnect) model: application layer (L7), presentation layer (L6), session layer (L5), transport layer (L4), network layer (L3), data link layer (L2), and physical layer (L1).
  • ISO/OSI International Standards Organization/Open Systems Interconnect
  • Packet headers associated with any of these layers as well as packet data payload contents therefore, can be used to the filters 214 / 314 .
  • information pertinent to identifying a packet such as source ID and destination ID and protocol type, is often found in one or more network layer headers. Packets also have various other identification fields and content information within them that may be matched and used to collect and aggregate information about packets and related packet flows.
  • the filters 214 / 314 are operating as part of the client packet monitor application 110 / 130 inside of the client VM platforms, the filters 214 / 314 can also rely upon non-packet content related information to determine tool destinations for the tool traffic 226 .
  • configuration files 144 and the configuration data 218 / 318 described above can be stored within one or more data storage systems, and these data storage systems can be implemented using one or more non-transitory tangible computer-readable mediums such as FLASH memory, random access memory, read only memory, programmable memory devices, reprogrammable storage devices, hard drives, floppy disks, DVDs, CD-ROMs, and/or any other non-transitory data storage mediums.
  • VM host servers 102 , 122 , and 142 can be implemented using one or more processing devices programmed to provide the functionality described herein.
  • FIG. 5 is a block diagram of an example embodiment for a VM host server 102 / 122 / 142 .
  • the VM host server 102 / 122 / 142 includes one or more central processing units (CPUs) 502 or other processing devices programmed to provide a virtualization layer 112 / 132 / 152 including a plurality of virtual machine (VM) platforms 512 , 514 , . . . 516 .
  • CPUs central processing units
  • VM virtual machine
  • the VM host operating system 114 / 134 / 154 , the virtualization layer 112 / 132 / 152 , and the VM platforms 512 , 514 , . . . 516 can be initialized, controlled, and operated by the CPUs or processing devices 502 which load and execute software code and/or programming instructions stored in the data storage systems 508 to perform the functions described herein.
  • the VM platforms 512 , 514 , . . . 516 can be client VM platforms, tool VM platforms, and/or traffic management VM platforms, as described above.
  • FIG. 6B is a block diagram of an example embodiment 650 for a VM host server 102 / 122 / 132 that uses a container engine to provide a virtualization layer 112 / 132 / 152 .
  • VM platform 512 operates on top of container engine 112 / 132 / 152 which in turn operates on top of host operating system (OS) 114 / 134 / 154 which in turn operates on top of server hardware 116 / 136 / 156 .
  • OS host operating system
  • FIG. 7B is a block diagram of an example embodiment 750 for a monitoring environment where additional client processing capacity 751 has been added to the embodiment of FIG. 7A .
  • the source group 702 of VM platforms now includes additional client VM platforms 752 , 754 , and 756 in addition to client VM platform 104 .
  • additional tool traffic 753 , 755 , and 757 is being provided to the VM platform 124 within a destination group 704 .
  • FIG. 8 is a process flow diagram of an example embodiment 800 where the traffic management VM platform 150 is used to provide configuration of client packet monitor applications within new client VM platforms.
  • a new client VM platform is initiated.
  • a determination is made whether an existing configuration is to be used. If “YES,” then flow passes to block 806 where a copy of an existing configuration is sent from the traffic management VM platform 150 to the new client VM platform.
  • the traffic management VM platform 150 can also operate to initiate and/or configure new tool VM platforms when additional tool processing capacity is needed based upon additional client traffic. For example, as the number of client VM platforms scales out, an existing tool VM platform may find itself serving an increasing amount of traffic. In order to cope with this, additional tool VM platforms can be initiated and operated to add tool capacity. The traffic management VM platform 150 can then send management traffic to the client VM platforms and the tool VM platforms to rebalance traffic among the available resources.
  • the load balancing that is applied by the traffic management VM platform 150 can be relatively minimal or can be relatively complex depending upon the load balancing desired for the visibility and monitoring environment.
  • FIG. 9 a block diagram is provided of an example embodiment 900 for a monitoring environment where additional tool processing capacity 901 has been added.
  • the source group 702 of VM platforms includes client VM platforms 104 , 752 , 754 , and 756 .
  • tool traffic 226 , 753 , 755 , and 757 is being generated and provided to the destination group 704 .
  • an additional tool VM platform 902 was initiated and configured, for example, using the traffic management VM platform 150 .
  • FIG. 10 is a process flow diagram of an example embodiment 1000 where tool VM platforms are adjusted based upon current capacity needs.
  • a traffic level for one or more existing tool VM platforms is determined.
  • the traffic management VM platform 150 can also be used to provide configuration information for the new tool VM platform and a new tool packet monitor application 130 within the new tool VM platform. If the determination in block 1004 is “NO,” then flow passes to block 1008 where a determination is made whether an excess capacity condition exists. If “NO,” then flow passes back to block 1002 .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
US14/873,896 2015-10-02 2015-10-02 Direct network traffic monitoring within VM platforms in virtual processing environments Active 2036-01-12 US10116528B2 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US14/873,896 US10116528B2 (en) 2015-10-02 2015-10-02 Direct network traffic monitoring within VM platforms in virtual processing environments
PCT/US2016/052589 WO2017058564A1 (en) 2015-10-02 2016-09-20 Direct network traffic monitoring within vm platforms in virtual processing environments
EP16852312.4A EP3356935B1 (de) 2015-10-02 2016-09-20 Direkte netzverkehrsüberwachung innerhalb von virtuellen maschinenplattformen in virtuellen verarbeitungsumgebungen
US15/342,170 US10652112B2 (en) 2015-10-02 2016-11-03 Network traffic pre-classification within VM platforms in virtual processing environments

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US14/873,896 US10116528B2 (en) 2015-10-02 2015-10-02 Direct network traffic monitoring within VM platforms in virtual processing environments

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US15/342,170 Continuation-In-Part US10652112B2 (en) 2015-10-02 2016-11-03 Network traffic pre-classification within VM platforms in virtual processing environments

Publications (2)

Publication Number Publication Date
US20170099195A1 US20170099195A1 (en) 2017-04-06
US10116528B2 true US10116528B2 (en) 2018-10-30

Family

ID=58424361

Family Applications (1)

Application Number Title Priority Date Filing Date
US14/873,896 Active 2036-01-12 US10116528B2 (en) 2015-10-02 2015-10-02 Direct network traffic monitoring within VM platforms in virtual processing environments

Country Status (3)

Country Link
US (1) US10116528B2 (de)
EP (1) EP3356935B1 (de)
WO (1) WO2017058564A1 (de)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10652112B2 (en) 2015-10-02 2020-05-12 Keysight Technologies Singapore (Sales) Pte. Ltd. Network traffic pre-classification within VM platforms in virtual processing environments

Families Citing this family (50)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015061353A1 (en) 2013-10-21 2015-04-30 Nyansa, Inc. A system and method for observing and controlling a programmable network using a remote network manager
US10341355B1 (en) * 2015-06-23 2019-07-02 Amazon Technologies, Inc. Confidential malicious behavior analysis for virtual computing resources
US10142212B2 (en) * 2015-10-26 2018-11-27 Keysight Technologies Singapore (Holdings) Pte Ltd On demand packet traffic monitoring for network packet communications within virtual processing environments
US10135702B2 (en) 2015-11-12 2018-11-20 Keysight Technologies Singapore (Holdings) Pte. Ltd. Methods, systems, and computer readable media for testing network function virtualization (NFV)
US9967165B2 (en) * 2015-12-07 2018-05-08 Keysight Technologies Singapore (Holdings) Pte. Ltd. Methods, systems, and computer readable media for packet monitoring in a virtual environment
US10659340B2 (en) 2016-01-28 2020-05-19 Oracle International Corporation System and method for supporting VM migration between subnets in a high performance computing environment
US10616118B2 (en) 2016-01-28 2020-04-07 Oracle International Corporation System and method for supporting aggressive credit waiting in a high performance computing environment
US10348847B2 (en) 2016-01-28 2019-07-09 Oracle International Corporation System and method for supporting proxy based multicast forwarding in a high performance computing environment
US10355972B2 (en) 2016-01-28 2019-07-16 Oracle International Corporation System and method for supporting flexible P_Key mapping in a high performance computing environment
US10666611B2 (en) 2016-01-28 2020-05-26 Oracle International Corporation System and method for supporting multiple concurrent SL to VL mappings in a high performance computing environment
US10630816B2 (en) 2016-01-28 2020-04-21 Oracle International Corporation System and method for supporting shared multicast local identifiers (MILD) ranges in a high performance computing environment
US10581711B2 (en) 2016-01-28 2020-03-03 Oracle International Corporation System and method for policing network traffic flows using a ternary content addressable memory in a high performance computing environment
US10333894B2 (en) 2016-01-28 2019-06-25 Oracle International Corporation System and method for supporting flexible forwarding domain boundaries in a high performance computing environment
US10536334B2 (en) 2016-01-28 2020-01-14 Oracle International Corporation System and method for supporting subnet number aliasing in a high performance computing environment
US10348649B2 (en) 2016-01-28 2019-07-09 Oracle International Corporation System and method for supporting partitioned switch forwarding tables in a high performance computing environment
US10320750B1 (en) * 2016-03-30 2019-06-11 Amazon Technologies, Inc. Source specific network scanning in a distributed environment
US10178119B1 (en) 2016-03-30 2019-01-08 Amazon Technologies, Inc. Correlating threat information across multiple levels of distributed computing systems
US10148675B1 (en) 2016-03-30 2018-12-04 Amazon Technologies, Inc. Block-level forensics for distributed computing systems
US10333962B1 (en) 2016-03-30 2019-06-25 Amazon Technologies, Inc. Correlating threat information across sources of distributed computing systems
US10142290B1 (en) 2016-03-30 2018-11-27 Amazon Technologies, Inc. Host-based firewall for distributed computer systems
US10079842B1 (en) 2016-03-30 2018-09-18 Amazon Technologies, Inc. Transparent volume based intrusion detection
US10200267B2 (en) * 2016-04-18 2019-02-05 Nyansa, Inc. System and method for client network congestion detection, analysis, and management
US10193741B2 (en) * 2016-04-18 2019-01-29 Nyansa, Inc. System and method for network incident identification and analysis
US10230609B2 (en) * 2016-04-18 2019-03-12 Nyansa, Inc. System and method for using real-time packet data to detect and manage network issues
US10511508B2 (en) 2016-05-05 2019-12-17 Keysight Technologies Singapore (Sales) Pte. Ltd. Network packet forwarding systems and methods to push packet pre-processing tasks to network tap devices
WO2017196216A1 (en) * 2016-05-12 2017-11-16 Telefonaktiebolaget Lm Ericsson (Publ) A monitoring controller and a method performed thereby for monitoring network performance
US10491502B2 (en) * 2016-06-29 2019-11-26 Nicira, Inc. Software tap for traffic monitoring in virtualized environment
US9906401B1 (en) 2016-11-22 2018-02-27 Gigamon Inc. Network visibility appliances for cloud computing architectures
US11075886B2 (en) 2016-12-15 2021-07-27 Keysight Technologies Singapore (Sales) Pte. Ltd. In-session splitting of network traffic sessions for server traffic monitoring
US10171425B2 (en) 2016-12-15 2019-01-01 Keysight Technologies Singapore (Holdings) Pte Ltd Active firewall control for network traffic sessions within virtual processing platforms
US10178003B2 (en) 2016-12-15 2019-01-08 Keysight Technologies Singapore (Holdings) Pte Ltd Instance based management and control for VM platforms in virtual processing environments
WO2018124949A1 (en) 2016-12-28 2018-07-05 Telefonaktiebolaget Lm Ericsson (Publ) Dynamic management of monitoring tasks in a cloud environment
US10142263B2 (en) 2017-02-21 2018-11-27 Keysight Technologies Singapore (Holdings) Pte Ltd Packet deduplication for network packet monitoring in virtual processing environments
US11012327B2 (en) 2017-06-19 2021-05-18 Keysight Technologies Singapore (Sales) Pte. Ltd. Drop detection and protection for network packet monitoring in virtual processing environments
WO2019037856A1 (en) 2017-08-24 2019-02-28 Telefonaktiebolaget Lm Ericsson (Publ) METHOD AND APPARATUS FOR PERMITTING ACTIVE MEASUREMENTS IN INTERNET OBJECT (IDO) SYSTEMS
US10541901B2 (en) 2017-09-19 2020-01-21 Keysight Technologies Singapore (Sales) Pte. Ltd. Methods, systems and computer readable media for optimizing placement of virtual network visibility components
US10764169B2 (en) 2017-10-09 2020-09-01 Keysight Technologies, Inc. Methods, systems, and computer readable media for testing virtual network components deployed in virtual private clouds (VPCs)
US10728135B2 (en) 2017-10-13 2020-07-28 Keysight Technologies, Inc. Location based test agent deployment in virtual processing environments
US10666494B2 (en) 2017-11-10 2020-05-26 Nyansa, Inc. System and method for network incident remediation recommendations
US11038770B2 (en) 2018-02-01 2021-06-15 Keysight Technologies, Inc. Methods, systems, and computer readable media for managing deployment and maintenance of network tools
US10812349B2 (en) 2018-02-17 2020-10-20 Keysight Technologies, Inc. Methods, systems and computer readable media for triggering on-demand dynamic activation of cloud-based network visibility tools
CN110198246B (zh) * 2018-02-26 2021-12-14 腾讯科技(北京)有限公司 一种流量监控的方法及系统
CN110351160B (zh) * 2018-04-08 2021-12-14 华为技术有限公司 监测业务质量的方法和装置
US11398968B2 (en) 2018-07-17 2022-07-26 Keysight Technologies, Inc. Methods, systems, and computer readable media for testing virtualized network functions and related infrastructure
US11489745B2 (en) 2019-10-15 2022-11-01 Keysight Technologies, Inc. Methods, systems and computer readable media for providing a declarative network monitoring environment
US11323354B1 (en) 2020-10-09 2022-05-03 Keysight Technologies, Inc. Methods, systems, and computer readable media for network testing using switch emulation
US11483227B2 (en) 2020-10-13 2022-10-25 Keysight Technologies, Inc. Methods, systems and computer readable media for active queue management
US11621893B2 (en) 2021-02-09 2023-04-04 Keysight Technologies, Inc. Methods, systems, and computer readable media for establishing dynamic agent associations in a cloud computing environment
EP4366248A1 (de) * 2021-07-01 2024-05-08 LG Electronics Inc. Signalverarbeitungsvorrichtung und fahrzeugkommunikationsvorrichtung damit
US11853254B1 (en) 2022-10-07 2023-12-26 Keysight Technologies, Inc. Methods, systems, and computer readable media for exposing data processing unit (DPU) traffic in a smartswitch

Citations (69)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5515376A (en) 1993-07-19 1996-05-07 Alantec, Inc. Communication apparatus and methods
US20010022786A1 (en) 1998-04-20 2001-09-20 Wai King Receive processing for dedicated bandwidth data communication switch backplane
US6321259B1 (en) 1998-10-02 2001-11-20 Nortel Networks Limited Attribute inheritance schema for network switches
US20010055274A1 (en) 2000-02-22 2001-12-27 Doug Hegge System and method for flow mirroring in a network switch
US20020186259A1 (en) 2001-04-20 2002-12-12 General Instrument Corporation Graphical user interface for a transport multiplexer
US20030046657A1 (en) 2001-08-15 2003-03-06 Jason White Creating a graphical program to configure one or more switch devices
US20030074421A1 (en) 2001-08-14 2003-04-17 Mieko Kusano Internet access via specific server and via proprietary application for selecting and controlling content: remote and local
US6578147B1 (en) 1999-01-15 2003-06-10 Cisco Technology, Inc. Parallel intrusion detection sensors with load balancing for high speed networks
US20040003094A1 (en) 2002-06-27 2004-01-01 Michael See Method and apparatus for mirroring traffic over a network
US20040042470A1 (en) 2000-06-16 2004-03-04 Geoffrey Cooper Method and apparatus for rate limiting
US20040103321A1 (en) 1996-02-06 2004-05-27 Wesinger Ralph E. Firewall providing enhanced network security and user transparency
US20040107361A1 (en) 2002-11-29 2004-06-03 Redan Michael C. System for high speed network intrusion detection
US6785286B1 (en) 1999-05-25 2004-08-31 3Com Corporation Port mirroring across a trunked stack of multi-port communication devices
US20040196841A1 (en) 2003-04-04 2004-10-07 Tudor Alexander L. Assisted port monitoring with distributed filtering
US6839349B2 (en) 1999-12-07 2005-01-04 Broadcom Corporation Mirroring in a stacked network switch configuration
US6853623B2 (en) 1999-03-05 2005-02-08 Cisco Technology, Inc. Remote monitoring of switch network
US20050053073A1 (en) 2003-09-03 2005-03-10 Andiamo Systems, Inc. A Delaware Corporation Switch port analyzers
US6901517B1 (en) 1999-07-16 2005-05-31 Marconi Communications, Inc. Hardware based security groups, firewall load sharing, and firewall redundancy
US6920112B1 (en) 1998-06-29 2005-07-19 Cisco Technology, Inc. Sampling packets for network monitoring
US20050182950A1 (en) 2004-02-13 2005-08-18 Lg N-Sys Inc. Network security system and method
US6954775B1 (en) 1999-01-15 2005-10-11 Cisco Technology, Inc. Parallel intrusion detection sensors with load balancing for high speed networks
US7016980B1 (en) 2000-01-18 2006-03-21 Lucent Technologies Inc. Method and apparatus for analyzing one or more firewalls
US7027437B1 (en) 1999-05-21 2006-04-11 Advanced Micro Devices, Inc. Network switch multiple-port sniffing
US20060256788A1 (en) 2001-12-28 2006-11-16 Donahue David B System and method for content filtering using static source routes
US7142518B2 (en) 2001-09-03 2006-11-28 Agilent Technologies, Inc. Monitoring communications networks
US7143196B2 (en) 2002-05-06 2006-11-28 Silverstorm Technologies, Inc System and method for span port configuration
US7245620B2 (en) 2002-03-15 2007-07-17 Broadcom Corporation Method and apparatus for filtering packet data in a network device
US7254114B1 (en) 2002-08-26 2007-08-07 Juniper Networks, Inc. Network router having integrated flow accounting and packet interception
US7310306B1 (en) 2001-10-16 2007-12-18 Cisco Technology, Inc. Method and apparatus for ingress port filtering for packet switching systems
US20080008202A1 (en) 2002-10-31 2008-01-10 Terrell William C Router with routing processors and methods for virtualization
US20080072292A1 (en) 2006-09-01 2008-03-20 Narjala Ranjit S Secure device introduction with capabilities assessment
US20080201455A1 (en) 2007-02-15 2008-08-21 Husain Syed M Amir Moving Execution of a Virtual Machine Across Different Virtualization Platforms
US7424018B2 (en) 2004-05-05 2008-09-09 Gigamon Systems Llc Asymmetric packet switch and a method of use
US20080222731A1 (en) 2000-01-14 2008-09-11 Secure Computing Corporation Network security modeling system and method
US20090007021A1 (en) 2007-06-28 2009-01-01 Richard Hayton Methods and systems for dynamic generation of filters using a graphical user interface
US20090013052A1 (en) 1998-12-18 2009-01-08 Microsoft Corporation Automated selection of appropriate information based on a computer user's context
US20090150996A1 (en) 2007-12-11 2009-06-11 International Business Machines Corporation Application protection from malicious network traffic
US7554984B2 (en) 2004-11-30 2009-06-30 Broadcom Corporation Fast filter processor metering and chaining
US20090172148A1 (en) 2007-12-26 2009-07-02 Verizon Business Network Services Inc. Method and system for monitoring and analyzing of ip networks elements
US20090238192A1 (en) 2008-03-21 2009-09-24 Alcatel Lucent In-band DPI application awareness propagation enhancements
US20090327903A1 (en) 2006-07-06 2009-12-31 Referentia Systems, Inc. System and Method for Network Topology and Flow Visualization
US20100017801A1 (en) * 2008-07-18 2010-01-21 Vmware, Inc. Profile based creation of virtual machines in a virtualization environment
US20100027554A1 (en) 2008-07-30 2010-02-04 Jiri Kuthan Methods, systems, and computer readable media for implementing a policy for a router
US7688727B1 (en) 2000-04-17 2010-03-30 Juniper Networks, Inc. Filtering and route lookup in a switching device
US7769873B1 (en) 2002-10-25 2010-08-03 Juniper Networks, Inc. Dynamically inserting filters into forwarding paths of a network device
US20100332618A1 (en) 2007-11-09 2010-12-30 Norton Richard Elliott Method and apparatus for filtering streaming data
US20110004698A1 (en) * 2009-07-01 2011-01-06 Riverbed Technology, Inc. Defining Network Traffic Processing Flows Between Virtual Machines
US7889711B1 (en) 2005-07-29 2011-02-15 Juniper Networks, Inc. Filtering traffic based on associated forwarding equivalence classes
US8018943B1 (en) 2009-07-31 2011-09-13 Anue Systems, Inc. Automatic filter overlap processing and related systems and methods
US8098677B1 (en) 2009-07-31 2012-01-17 Anue Systems, Inc. Superset packet forwarding for overlapping filters and related systems and methods
US20120079107A1 (en) 2003-02-14 2012-03-29 Preventsys, Inc. System and Method for Interfacing with Heterogeneous Network Data Gathering Tools
US8156209B1 (en) 2001-02-15 2012-04-10 Cisco Technology, Inc. Aggregation devices processing keep-alive messages of point-to-point sessions
US8200203B1 (en) 2003-03-21 2012-06-12 Stratosaudio, Inc. Broadcast response method and system
US20130031233A1 (en) 2011-07-29 2013-01-31 International Business Machines Corporation Network filtering in a virtualized environment
US20130291109A1 (en) 2008-11-03 2013-10-31 Fireeye, Inc. Systems and Methods for Scheduling Analysis of Network Content for Malware
US20140229605A1 (en) * 2013-02-12 2014-08-14 Sharon Shalom Besser Arrangements for monitoring network traffic on a cloud-computing environment and methods thereof
US8914406B1 (en) 2012-02-01 2014-12-16 Vorstack, Inc. Scalable network security with fast response protocol
US8934495B1 (en) 2009-07-31 2015-01-13 Anue Systems, Inc. Filtering path view graphical user interfaces and related systems and methods
US9075642B1 (en) * 2011-09-30 2015-07-07 Emc Corporation Controlling access to resources using independent and nested hypervisors in a storage system environment
US9110703B2 (en) 2011-06-07 2015-08-18 Hewlett-Packard Development Company, L.P. Virtual machine packet processing
US20150263889A1 (en) 2014-03-14 2015-09-17 Network Critical Solutions Limited Network packet broker
US20150319030A1 (en) 2014-04-30 2015-11-05 Youval Nachum Smartap arrangement and methods thereof
US20150334628A1 (en) * 2012-12-13 2015-11-19 Samsung Electronics Co., Ltd. Method and device for transferring data traffic
US20160094418A1 (en) 2014-09-30 2016-03-31 Anue Systems, Inc. Selective Scanning of Network Packet Traffic Using Cloud-Based Virtual Machine Tool Platforms
US20160110211A1 (en) 2014-10-15 2016-04-21 Anue Systems, Inc. Methods And Systems For Forwarding Network Packets Within Virtual Machine Host Systems
US20170083354A1 (en) 2015-09-22 2017-03-23 Amazon Technologies, Inc. Connection-based resource management for virtual desktop instances
US20170099197A1 (en) 2015-10-02 2017-04-06 Ixia Network Traffic Pre-Classification Within VM Platforms In Virtual Processing Environments
US20170163510A1 (en) 2015-12-07 2017-06-08 Ixia Methods, systems, and computer readable media for packet monitoring in a virtual environment
US20170208037A1 (en) 2014-06-23 2017-07-20 Yissum Research Development Company Of The Hebrew University Of Jerusalem Ltd. Method and system for providing deep packet inspection as a service

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100801578B1 (ko) * 2006-12-07 2008-02-11 한국전자통신연구원 전력증폭기의 혼변조 신호발생기 및 이를 구비한 전치왜곡선형화 장치
US20120099602A1 (en) * 2010-10-25 2012-04-26 Brocade Communications Systems, Inc. End-to-end virtualization
US9292329B2 (en) * 2011-02-10 2016-03-22 Microsoft Technology Licensing, Llc Virtual switch interceptor

Patent Citations (78)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5515376A (en) 1993-07-19 1996-05-07 Alantec, Inc. Communication apparatus and methods
US20040103321A1 (en) 1996-02-06 2004-05-27 Wesinger Ralph E. Firewall providing enhanced network security and user transparency
US20010022786A1 (en) 1998-04-20 2001-09-20 Wai King Receive processing for dedicated bandwidth data communication switch backplane
US6920112B1 (en) 1998-06-29 2005-07-19 Cisco Technology, Inc. Sampling packets for network monitoring
US6321259B1 (en) 1998-10-02 2001-11-20 Nortel Networks Limited Attribute inheritance schema for network switches
US20090013052A1 (en) 1998-12-18 2009-01-08 Microsoft Corporation Automated selection of appropriate information based on a computer user's context
US6954775B1 (en) 1999-01-15 2005-10-11 Cisco Technology, Inc. Parallel intrusion detection sensors with load balancing for high speed networks
US6578147B1 (en) 1999-01-15 2003-06-10 Cisco Technology, Inc. Parallel intrusion detection sensors with load balancing for high speed networks
US6853623B2 (en) 1999-03-05 2005-02-08 Cisco Technology, Inc. Remote monitoring of switch network
US7027437B1 (en) 1999-05-21 2006-04-11 Advanced Micro Devices, Inc. Network switch multiple-port sniffing
US6785286B1 (en) 1999-05-25 2004-08-31 3Com Corporation Port mirroring across a trunked stack of multi-port communication devices
US6901517B1 (en) 1999-07-16 2005-05-31 Marconi Communications, Inc. Hardware based security groups, firewall load sharing, and firewall redundancy
US6839349B2 (en) 1999-12-07 2005-01-04 Broadcom Corporation Mirroring in a stacked network switch configuration
US20080222731A1 (en) 2000-01-14 2008-09-11 Secure Computing Corporation Network security modeling system and method
US7016980B1 (en) 2000-01-18 2006-03-21 Lucent Technologies Inc. Method and apparatus for analyzing one or more firewalls
US20010055274A1 (en) 2000-02-22 2001-12-27 Doug Hegge System and method for flow mirroring in a network switch
US7688727B1 (en) 2000-04-17 2010-03-30 Juniper Networks, Inc. Filtering and route lookup in a switching device
US7917647B2 (en) 2000-06-16 2011-03-29 Mcafee, Inc. Method and apparatus for rate limiting
US20040042470A1 (en) 2000-06-16 2004-03-04 Geoffrey Cooper Method and apparatus for rate limiting
US8156209B1 (en) 2001-02-15 2012-04-10 Cisco Technology, Inc. Aggregation devices processing keep-alive messages of point-to-point sessions
US20020186259A1 (en) 2001-04-20 2002-12-12 General Instrument Corporation Graphical user interface for a transport multiplexer
US6996779B2 (en) 2001-04-20 2006-02-07 General Instrument Corporation Graphical user interface for a transport multiplexer
US20030074421A1 (en) 2001-08-14 2003-04-17 Mieko Kusano Internet access via specific server and via proprietary application for selecting and controlling content: remote and local
US20030046657A1 (en) 2001-08-15 2003-03-06 Jason White Creating a graphical program to configure one or more switch devices
US7142518B2 (en) 2001-09-03 2006-11-28 Agilent Technologies, Inc. Monitoring communications networks
US7310306B1 (en) 2001-10-16 2007-12-18 Cisco Technology, Inc. Method and apparatus for ingress port filtering for packet switching systems
US20060256788A1 (en) 2001-12-28 2006-11-16 Donahue David B System and method for content filtering using static source routes
US7245620B2 (en) 2002-03-15 2007-07-17 Broadcom Corporation Method and apparatus for filtering packet data in a network device
US7143196B2 (en) 2002-05-06 2006-11-28 Silverstorm Technologies, Inc System and method for span port configuration
US20040003094A1 (en) 2002-06-27 2004-01-01 Michael See Method and apparatus for mirroring traffic over a network
US7254114B1 (en) 2002-08-26 2007-08-07 Juniper Networks, Inc. Network router having integrated flow accounting and packet interception
US7769873B1 (en) 2002-10-25 2010-08-03 Juniper Networks, Inc. Dynamically inserting filters into forwarding paths of a network device
US20080008202A1 (en) 2002-10-31 2008-01-10 Terrell William C Router with routing processors and methods for virtualization
US20040107361A1 (en) 2002-11-29 2004-06-03 Redan Michael C. System for high speed network intrusion detection
US20120079107A1 (en) 2003-02-14 2012-03-29 Preventsys, Inc. System and Method for Interfacing with Heterogeneous Network Data Gathering Tools
US8200203B1 (en) 2003-03-21 2012-06-12 Stratosaudio, Inc. Broadcast response method and system
US20040196841A1 (en) 2003-04-04 2004-10-07 Tudor Alexander L. Assisted port monitoring with distributed filtering
US20050053073A1 (en) 2003-09-03 2005-03-10 Andiamo Systems, Inc. A Delaware Corporation Switch port analyzers
US20050182950A1 (en) 2004-02-13 2005-08-18 Lg N-Sys Inc. Network security system and method
US7424018B2 (en) 2004-05-05 2008-09-09 Gigamon Systems Llc Asymmetric packet switch and a method of use
US7554984B2 (en) 2004-11-30 2009-06-30 Broadcom Corporation Fast filter processor metering and chaining
US7889711B1 (en) 2005-07-29 2011-02-15 Juniper Networks, Inc. Filtering traffic based on associated forwarding equivalence classes
US20090327903A1 (en) 2006-07-06 2009-12-31 Referentia Systems, Inc. System and Method for Network Topology and Flow Visualization
US20080072292A1 (en) 2006-09-01 2008-03-20 Narjala Ranjit S Secure device introduction with capabilities assessment
US20080201455A1 (en) 2007-02-15 2008-08-21 Husain Syed M Amir Moving Execution of a Virtual Machine Across Different Virtualization Platforms
US20090007021A1 (en) 2007-06-28 2009-01-01 Richard Hayton Methods and systems for dynamic generation of filters using a graphical user interface
US8447718B2 (en) 2007-11-09 2013-05-21 Vantrix Corporation Method and apparatus for filtering streaming data
US20100332618A1 (en) 2007-11-09 2010-12-30 Norton Richard Elliott Method and apparatus for filtering streaming data
US20090150996A1 (en) 2007-12-11 2009-06-11 International Business Machines Corporation Application protection from malicious network traffic
US20090172148A1 (en) 2007-12-26 2009-07-02 Verizon Business Network Services Inc. Method and system for monitoring and analyzing of ip networks elements
US20090238192A1 (en) 2008-03-21 2009-09-24 Alcatel Lucent In-band DPI application awareness propagation enhancements
US20100017801A1 (en) * 2008-07-18 2010-01-21 Vmware, Inc. Profile based creation of virtual machines in a virtualization environment
US20100027554A1 (en) 2008-07-30 2010-02-04 Jiri Kuthan Methods, systems, and computer readable media for implementing a policy for a router
US20130291109A1 (en) 2008-11-03 2013-10-31 Fireeye, Inc. Systems and Methods for Scheduling Analysis of Network Content for Malware
US20110004698A1 (en) * 2009-07-01 2011-01-06 Riverbed Technology, Inc. Defining Network Traffic Processing Flows Between Virtual Machines
US8842548B2 (en) 2009-07-31 2014-09-23 Anue Systems, Inc. Superset packet forwarding for overlapping filters and related systems and methods
US8902895B2 (en) 2009-07-31 2014-12-02 Anue Systems, Inc. Automatic filter overlap processing and related systems and methods
US20120106354A1 (en) 2009-07-31 2012-05-03 Anue Systems, Inc. Superset packet forwarding for overlapping filters and related systems and methods
US8098677B1 (en) 2009-07-31 2012-01-17 Anue Systems, Inc. Superset packet forwarding for overlapping filters and related systems and methods
US20110317694A1 (en) 2009-07-31 2011-12-29 Anue Systems, Inc. Automatic filter overlap processing and related systems and methods
US8934495B1 (en) 2009-07-31 2015-01-13 Anue Systems, Inc. Filtering path view graphical user interfaces and related systems and methods
US8018943B1 (en) 2009-07-31 2011-09-13 Anue Systems, Inc. Automatic filter overlap processing and related systems and methods
US9110703B2 (en) 2011-06-07 2015-08-18 Hewlett-Packard Development Company, L.P. Virtual machine packet processing
US20130031233A1 (en) 2011-07-29 2013-01-31 International Business Machines Corporation Network filtering in a virtualized environment
US9075642B1 (en) * 2011-09-30 2015-07-07 Emc Corporation Controlling access to resources using independent and nested hypervisors in a storage system environment
US8914406B1 (en) 2012-02-01 2014-12-16 Vorstack, Inc. Scalable network security with fast response protocol
US20150334628A1 (en) * 2012-12-13 2015-11-19 Samsung Electronics Co., Ltd. Method and device for transferring data traffic
US20140229605A1 (en) * 2013-02-12 2014-08-14 Sharon Shalom Besser Arrangements for monitoring network traffic on a cloud-computing environment and methods thereof
US9680728B2 (en) 2013-02-12 2017-06-13 Ixia Arrangements for monitoring network traffic on a cloud-computing environment and methods thereof
US20150263889A1 (en) 2014-03-14 2015-09-17 Network Critical Solutions Limited Network packet broker
US20150319030A1 (en) 2014-04-30 2015-11-05 Youval Nachum Smartap arrangement and methods thereof
US20170208037A1 (en) 2014-06-23 2017-07-20 Yissum Research Development Company Of The Hebrew University Of Jerusalem Ltd. Method and system for providing deep packet inspection as a service
US20160094418A1 (en) 2014-09-30 2016-03-31 Anue Systems, Inc. Selective Scanning of Network Packet Traffic Using Cloud-Based Virtual Machine Tool Platforms
WO2016053666A1 (en) 2014-09-30 2016-04-07 Anue Systems, Inc. Selective scanning of network packet traffic using cloud-based virtual machine tool platforms
US20160110211A1 (en) 2014-10-15 2016-04-21 Anue Systems, Inc. Methods And Systems For Forwarding Network Packets Within Virtual Machine Host Systems
US20170083354A1 (en) 2015-09-22 2017-03-23 Amazon Technologies, Inc. Connection-based resource management for virtual desktop instances
US20170099197A1 (en) 2015-10-02 2017-04-06 Ixia Network Traffic Pre-Classification Within VM Platforms In Virtual Processing Environments
US20170163510A1 (en) 2015-12-07 2017-06-08 Ixia Methods, systems, and computer readable media for packet monitoring in a virtual environment

Non-Patent Citations (24)

* Cited by examiner, † Cited by third party
Title
A. Esson and J. Mannos, "Broadcom BCM5600 StrataSwitch; A Highly Integrated Ethernet Switch on a Chip," Broadcom Corporation, Hot Chips Aug. 17, 1999.
F. Muhtar, "Appliances to Boost Network Defence," CyberSecurity Malaysia, Nov. 26, 2001.
G. Marshall, SC Magazine Reprint, "Attack Mitigator," Aug. 2002.
Hofstede et al., "Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX", IEEE, 31 pgs. (May 2014).
Ixia, "A Paradigm Shift for Network Visibility: Delivering Better Data for Better Decisions", Rev. A. May 2014, 14 pgs.
Ixia, "Ixia Application and Threat Intelligence Processor", Data Sheet, May 2014, 3 pgs.
Ixia, "Ixia xFilter", Data Sheet, May 2015, 5 pgs.
Ixia, Ixia Flex Tap, Data Sheet, 5 pgs. (Oct. 2015).
Ixia, Ixia Phantom vTap With TapFlow Filtering, Data Sheet, 4 pgs. (Jul. 2015).
J. Magee, "The Case for IDS Balancing vs. a Switch," Top Layer Networks, Inc., May 2003.
Kristopher Raney, "Selective Scanning of Network Packet Traffic Using Cloud-Based Virtual Machine Tool Platforms," U.S. Appl. No. 14/501,717, filed Sep. 30, 2014.
National Information Assurance Partnership, "Common Criteria Evaluation and Validation Scheme, Validation Report; Top Layer Networks; IDS BalancerTM Version 2.2 Appliance (IDSB3531-CCV1.0, IDSB3532-CCV1.0, IDSB4508-CCV1.0)," Report No. CCEVS-VR-04-0074, National Institute of Standards and Technology; National Security Agency, Sep. 3, 2004.
Office Action dated Jul. 27, 2018, from Raney, "Network Traffic Pre-Classification Within VM Platforms in Virtual Processing Environments," U.S. Appl. No. 15/342,170, filed Nov. 3, 2016, 37 pages.
Radware, "Radware's Smart IDS Management; FireProof and Intrusion Detection Systems; Deployment and ROI," North America Radware, Inc.; International Radware, Ltd., Aug. 21, 2002.
S. Edwards, "Vulnerabilities of Network Intrusion Detection Systems: Realizing and Overcoming the Risks; The Case for Flow Mirroring," Top Layer Networks, Inc., May 1, 2002.
SC Magazine Reprint, "IDS Balancer 3500 Appliance," Jul. 2002.
Search Report and Written Opinion, PCT/US2016/052589; dated Nov. 18, 2016, 13 pgs.
Top Layer Networks, Inc., "APP 2500; The Original Top Layer Device to Perfect the Switch Art of Network Security," internet advertisement, www.TopLayer.com. 2001.
Top Layer Networks, Inc., "Case Study-IDS Balancer; Building an Intelligent Monitoring Layer Using the Top Layer IDS Balancer Ensures Full Security Coverage for University of California, Irvine," www.TopLayer.com; 2003.
Top Layer Networks, Inc., "IDS Balancer 3.0 Delivers Ultimate Flexibility in Selecting, Filtering and Distributing Network Traffic," Press Release, Oct. 20, 2004.
Top Layer Networks, Inc., "IDS Balancer; Aggregation, Filtering, & Load Appliance," internet advertisement, www.TopLayer.com., 2004.
Top Layer Networks, Inc., "Product Enhancements Optimize Existing Network Intrusion Detection and Prevention Environments," Press Release, Aug. 18, 2003.
Top Layer Networks, Inc., "Top Layer Advances Scaleable Intrusion Detection With Industry Leading Multi-Gigabit Offering," Press Release, Mar. 10, 2003.
Top Layer Networks, Inc., "Case Study—IDS Balancer; Building an Intelligent Monitoring Layer Using the Top Layer IDS Balancer Ensures Full Security Coverage for University of California, Irvine," www.TopLayer.com; 2003.

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10652112B2 (en) 2015-10-02 2020-05-12 Keysight Technologies Singapore (Sales) Pte. Ltd. Network traffic pre-classification within VM platforms in virtual processing environments

Also Published As

Publication number Publication date
WO2017058564A1 (en) 2017-04-06
EP3356935A4 (de) 2019-04-03
EP3356935A1 (de) 2018-08-08
US20170099195A1 (en) 2017-04-06
EP3356935B1 (de) 2020-07-08

Similar Documents

Publication Publication Date Title
EP3356935B1 (de) Direkte netzverkehrsüberwachung innerhalb von virtuellen maschinenplattformen in virtuellen verarbeitungsumgebungen
US10652112B2 (en) Network traffic pre-classification within VM platforms in virtual processing environments
US11700237B2 (en) Intent-based policy generation for virtual networks
CN108540381B (zh) 计算方法、计算装置和计算机可读存储介质
EP3368996B1 (de) On-demand-paketverkehrsüberwachung für netzwerkpaketkommunikation in virtuellen verarbeitungsumgebungen
US10542577B2 (en) Connectivity checks in virtualized computing environments
US10193828B2 (en) Edge datapath using inter-process transports for control plane processes
US10177936B2 (en) Quality of service (QoS) for multi-tenant-aware overlay virtual networks
US10003537B2 (en) Egress port overload protection for network packet forwarding systems
US10536362B2 (en) Configuring traffic flow monitoring in virtualized computing environments
US10142263B2 (en) Packet deduplication for network packet monitoring in virtual processing environments
EP3419221B1 (de) Abfallerkennung und -schutz für die überwachung von netzwerkpaketen in virtuellen verarbeitungsumgebungen
WO2018023498A1 (zh) 网络接口卡、计算设备以及数据包处理方法
WO2017218173A1 (en) Providing data plane services for applications
US10171425B2 (en) Active firewall control for network traffic sessions within virtual processing platforms
US11075886B2 (en) In-session splitting of network traffic sessions for server traffic monitoring
US10178003B2 (en) Instance based management and control for VM platforms in virtual processing environments
US10581730B2 (en) Packet processing using service chains
EP4199457A1 (de) Paketverwurfüberwachung in einem virtuellen router
CN114338606A (zh) 一种公有云的网络配置方法及相关设备
US11115337B2 (en) Network traffic segregation on an application basis in a virtual computing environment

Legal Events

Date Code Title Description
AS Assignment

Owner name: IXIA, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:RANEY, KRISTOPHER;REEL/FRAME:036718/0604

Effective date: 20150930

AS Assignment

Owner name: KEYSIGHT TECHNOLOGIES SINGAPORE (HOLDINGS) PTE. LTD., SINGAPORE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:IXIA;REEL/FRAME:044222/0695

Effective date: 20170930

Owner name: KEYSIGHT TECHNOLOGIES SINGAPORE (HOLDINGS) PTE. LT

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:IXIA;REEL/FRAME:044222/0695

Effective date: 20170930

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: KEYSIGHT TECHNOLOGIES SINGAPORE (SALES) PTE. LTD.,

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:KEYSIGHT TECHNOLOGIES SINGAPORE (HOLDINGS) PTE. LTD.;REEL/FRAME:048225/0065

Effective date: 20181001

Owner name: KEYSIGHT TECHNOLOGIES SINGAPORE (SALES) PTE. LTD., SINGAPORE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:KEYSIGHT TECHNOLOGIES SINGAPORE (HOLDINGS) PTE. LTD.;REEL/FRAME:048225/0065

Effective date: 20181001

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4